e1b7d275e2631f5e5f42a02633651702341a22b3806761976ff897a0e32b7138

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

384a23c37d432895007e89d003943220.exe
Size

89KB
MD5

384a23c37d432895007e89d003943220
SHA1

516b02bfba7eccb38e28d723ecc129efbb17973f
SHA256

e1b7d275e2631f5e5f42a02633651702341a22b3806761976ff897a0e32b7138
SHA512

88cd9770b1959fecb9a34eef484c195f4bfe723c7329c50c11e350734f3e9effc0fa9faa6c683ea93c0829d573b98767e9c805f7560573cbf7e922bfa7d0f383
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShLDw1wxh6hV:6DWp6Dw1wxh6hV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4675) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Xaml.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	384a23c37d432895007e89d003943220.exe

C:\Users\Admin\AppData\Local\Temp\384a23c37d432895007e89d003943220.exe
"C:\Users\Admin\AppData\Local\Temp\384a23c37d432895007e89d003943220.exe"
1⤵
- Drops file in Program Files directory
PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2494989678-839960665-2515455429-1000\desktop.ini.tmp

Filesize
89KB

MD5
f6910c24b9167bbcf39ae08903e00fe6

SHA1
a75405b2603d9b493424f7d1c4d6c873fec126b6

SHA256
96eaeb5cdcc5748221ec4b8552d2751f0f81e00b1b0c57e1e9c808837db6234b

SHA512
d1b461ac8311d1f71051ffad477e01e86d54c2cb9c912e6c93b576468dcf508d8fffef751dda4ad17a6c94336a551958f5aa193ed8386a1d0796a8d7bc494e84

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
ecfca199c1fcfe93937ea33150dd5836

SHA1
92d7c2614b2661315330f85991130c07781825d8

SHA256
03659607acb0e1dfb4b79463e2c46c479266ac30523e35db2d0f0054431ae85f

SHA512
330dad2e55c4eab629f272ad08cb1b91b07b8ed26a74b52d90143ceef2af8990b6a1cf3596c4f8ec4cd89e0717250f1b51809d3ed33fc65706368a28bf8d44dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads